SSH Key Pair Authentication
Even though most people are familiar with passwords, due to their many shortcomings their use is slowly changing. The problem with passwords is that they need to be strong yet memorable, which can be a difficult proposition. Password managers can help, but those aren't without issues either and might not work in all scenarios.
In most cases the SSH server on Linux will authorize users to log in with the password set for them. There are other methods to log in to a Linux machine, but this guide will focus on remotely logging into a Linux machine using a key pair for authentication.
- Create a key pair using Bitvise SSH Client. In the main Bitvise window open the Client key manager.
- The Client Key Manager is a handy GUI to manage key pairs to authenticate to a host. The example below has a key pair generated as Profile 1. Confidential information has been pixelated out; make sure not to lose track of this information.
- Click the Generate New button to open the Generate New Keypair dialog.
  - Location
    - Profile makes the key pair available only to the currently open Bitvise profile. Global makes the key pair available to all profiles. A unique number is required for the key pair.
  - Algorithm
    - Various algorithms can be selected. RSA is fine for general use with a size of at least 2048, though it's recommended to go higher if security is paramount. Ed25519 is one of the most widely used signature schemes proven to be highly secure.
  - Passphrase
    - A passphrase can be used to further secure the private key. It is optional, but using one is highly recommended.
  - Comment
    - An optional comment to provide further details about the key. This is useful if you manage many keys.
  - Generate
    - Once all required fields are filled, click the Generate button to create the key pair.
- To export the key to a compatible format use the Export Key dialog.
  - Export public key
    - Export the public key in the OpenSSH format.
  - Export private key
    - The private key can be backed up in Bitvise format or OpenSSH format.
  - Export
    - Click this button to bring up the save dialog.
- Connect to the server using FTP, SFTP, or FTPS. SFTP is recommended.
- Move to the user's home directory. In Debian it is usually located under /home, in a directory named after the user. In the example below, replace $USER with the appropriate username.
    cd /home/$USER
  The ~/ path is a shortcut to the currently logged-in user's home.
    cd ~/
- Create a directory called .ssh
    mkdir ~/.ssh/
- Copy the exported public key from before into the .ssh directory.
- Rename the file to authorized_keys
    mv ~/.ssh/publickey.pub ~/.ssh/authorized_keys
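- Adjust the permissions of the .ssh directory and the authorized_keys file
    # .ssh: full access for the owner only
    chmod 700 ~/.ssh/
    # authorized_keys: read/write for the owner only
    chmod 600 ~/.ssh/authorized_keys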
- Log out of any current SSH sessions.
- Select publickey as the initial method for authentication. Select the correct key profile, 2 since that's the new profile we made earlier. If the key has a passphrase, enter it in the Passphrase section.
- Log back in using the generated key pair.
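
The server-side steps above (create .ssh, place the public key in authorized_keys, set permissions) as one added shell example; it is not part of the original guide. It appends the key instead of replacing the file, so keys already authorized survive. The function names install_pubkey and check_ssh_perms are hypothetical, the sample key is constructed, and stat -c assumes GNU coreutils as found on Debian.

```sh
#!/bin/sh
# Added example: install an exported OpenSSH-format public key and verify permissions.
# install_pubkey and check_ssh_perms are hypothetical helpers, not Bitvise or OpenSSH tools.

# install_pubkey PUBKEY_FILE [HOME_DIR]
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    auth=$dir/authorized_keys

    # Accept only the one-line OpenSSH format "<type> <base64> [comment]" (common key types).
    key=$(grep -E '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "not an OpenSSH public key: $pub" >&2; return 1; }

    # Set restrictive modes before any key material is written.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Append instead of overwriting, and skip a key that is already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# check_ssh_perms [HOME_DIR]: succeeds only if the modes are exactly 700 and 600.
check_ssh_perms() {
    home=${1:-$HOME}
    [ "$(stat -c %a "$home/.ssh")" = "700" ] &&
    [ "$(stat -c %a "$home/.ssh/authorized_keys")" = "600" ]
}

# Demo in a scratch directory with a constructed key (not a real key, not the real home).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal000 demo@example' \
    > "$demo/publickey.pub"
install_pubkey "$demo/publickey.pub" "$demo/home" &&
    check_ssh_perms "$demo/home" &&
    echo "key installed, permissions OK"
rm -rf "$demo"
```

On the server, call install_pubkey with the uploaded file and no second argument to operate on the logged-in user's own home.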